CVE-2022-32548

Home/CVE/An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin

CVE

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

CRITICAL · CVSS 10 EPSS 0.65569

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 1% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

Look this up elsewhere - one-click external pivots

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

▸ How to read a CVE - triage first, then detect and patch

This page is every public fact about CVE-2022-32548, cross-linked. Its job is to answer one question fast - does this need my attention now? - and then hand you the two things you do about it. Here is how an analyst reads it.

Triage: should I act now? Four signals, and they are not interchangeable:

CVSSseverity - how bad it is IF exploited, 0-10. A high CVSS alone is not urgency; a flaw can be a perfect 10 and never actually be attacked. EPSSprobability - a model’s estimate of the chance it is exploited in the next 30 days, 0-1. This is the “will it actually happen” signal. CISA KEVconfirmed - it is being exploited in the wild right now. The strongest signal on the page; KEV beats any score. Weaponisedavailability - public exploits / PoCs, and especially Metasploit modules rated Excellent / Great. Reliable, packaged exploit code means low-skill attackers can use it today.

How they combine: KEV, or a dependable Metasploit module, means patch now regardless of CVSS. High CVSS + low EPSS + no exploit is real but not an emergency - schedule it. Low CVSS but KEV-listed still gets patched now. The verdict above already weighed these for you; this is how it got there.

Then what - two workflows:

Detectwhen you cannot patch today, follow this CVE to the ATT&CK techniques it enables, then Build a SIEM detection (the green button) - author a rule, test it in Atomic, deploy it. That buys visibility while the patch waits. PatchAffected products / packages tell you if you are exposed; Fixed versions by distribution and Vendor advisories give the exact version that closes it.

Reading order for the panels below: verdict + badges, then Public exploits / Metasploit (is it weaponised), then ATT&CK techniques + Sigma / IDS rules (can I detect it), then Affected products / packages + Fixed versions (am I exposed, what patches it), then Threat actors / IOCs (who uses it), then Scoring & timeline / references (the evidence).

View attack path from CVE-2022-32548

◆

ATT&CK techniques

Techniques this CVE enables - linked via CWECAPECATT&CK. High◆ = named directly in ATT&CK or Nuclei templates.

T1190 · Exploit Public-Facing Application T1482 · Domain Trust Discovery

▤ Build a SIEM detection for these techniques

▤

CAPEC attack patterns

Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.

CAPEC-CAPEC-10 · Buffer Overflow via Environment Variables CAPEC-CAPEC-100 · Overflow Buffers CAPEC-CAPEC-14 · Client-side Injection-induced Buffer Overflow CAPEC-CAPEC-24 · Filter Failure through Buffer Overflow CAPEC-CAPEC-42 · MIME Conversion CAPEC-CAPEC-44 · Overflow Binary Resource File CAPEC-CAPEC-45 · Buffer Overflow via Symbolic Links CAPEC-CAPEC-46 · Overflow Variables and Tags CAPEC-CAPEC-47 · Buffer Overflow via Parameter Expansion CAPEC-CAPEC-67 · String Format Overflow in syslog() CAPEC-CAPEC-8 · Buffer Overflow in an API Call CAPEC-CAPEC-9 · Buffer Overflow in Local Command-Line Utilities

⬡

Weakness Classification

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

▤

Affected Products & Versions

draytek vigor3910 firmware< 4.3.1.1
draytek vigor1000b firmware< 4.3.1.1
draytek vigor2962 firmware< 4.3.1.1
draytek vigor2962p firmware< 4.3.1.1
draytek vigor2927 firmware< 4.4.0
draytek vigor2927ax firmware< 4.4.0
draytek vigor2927ac firmware< 4.4.0
draytek vigor2927vac firmware< 4.4.0
Show all 60 affected productsdraytek vigor2927l firmware< 4.4.0
draytek vigor2927lac firmware< 4.4.0
draytek vigor2915 firmware< 4.3.3.2
draytek vigor2915ac firmware< 4.3.3.2
draytek vigor2952 firmware< 3.9.7.2
draytek vigor2952p firmware< 3.9.7.2
draytek vigor3220 firmware< 3.9.7.2
draytek vigor2926 firmware< 3.9.8.1
draytek vigor2926n firmware< 3.9.8.1
draytek vigor2926ac firmware< 3.9.8.1
draytek vigor2926vac firmware< 3.9.8.1
draytek vigor2926l firmware< 3.9.8.1
draytek vigor2926ln firmware< 3.9.8.1
draytek vigor2926lac firmware< 3.9.8.1
draytek vigor2862 firmware< 3.9.8.1
draytek vigor2862n firmware< 3.9.8.1
draytek vigor2862ac firmware< 3.9.8.1
draytek vigor2862vac firmware< 3.9.8.1
draytek vigor2862b firmware< 3.9.8.1
draytek vigor2862bn firmware< 3.9.8.1
draytek vigor2862l firmware< 3.9.8.1
draytek vigor2862ln firmware< 3.9.8.1
draytek vigor2862lac firmware< 3.9.8.1
draytek vigor2620l firmware< 3.9.8.1
draytek vigor2620ln firmware< 3.9.8.1
draytek vigorlte 200n firmware< 3.9.8.1
draytek vigor2133 firmware< 3.9.6.4
draytek vigor2133n firmware< 3.9.6.4
draytek vigor2133ac firmware< 3.9.6.4
draytek vigor2133vac firmware< 3.9.6.4
draytek vigor2133fvac firmware< 3.9.6.4
draytek vigor2762 firmware< 3.9.6.4
draytek vigor2762n firmware< 3.9.6.4
draytek vigor2762ac firmware< 3.9.6.4
draytek vigor2762vac firmware< 3.9.6.4
draytek vigor165 firmware< 4.2.4
draytek vigor166 firmware< 4.2.4
draytek vigor2135 firmware< 4.4.2
draytek vigor2135ac firmware< 4.4.2
draytek vigor2135vac firmware< 4.4.2
draytek vigor2135fvac firmware< 4.4.2
draytek vigor2765 firmware< 4.4.2
draytek vigor2765ac firmware< 4.4.2
draytek vigor2765vac firmware< 4.4.2
draytek vigor2766 firmware< 4.4.2
draytek vigor2766ac firmware< 4.4.2
draytek vigor2766vac firmware< 4.4.2
draytek vigor2832 firmware< 3.9.6
draytek vigor2865 firmware< 4.4.0
draytek vigor2865ax firmware< 4.4.0
draytek vigor2865ac firmware< 4.4.0
draytek vigor2865vac firmware< 4.4.0

⚠

Public Exploits & PoCs

These PoC and exploit links come from public sources and are not verified to be safe or functional. Review the code before running anything, and treat unverified entries as untrusted.
pocMosaedH/CVE-2022-32548-RCE-POC (nomi-sec)
pocPublic PoC (nvd-reference)
pocPublic PoC (nvd-reference)
pocAKQuraish/Autonomous (trickest)
pocARPSyndicate/cvemon (trickest)
pocInplex-sys/CVE-2022-23093 (trickest)
pocNaInSec/CVE-PoC-in-GitHub (trickest)
pocSYRTI/POC_to_review (trickest)
pocWhooAmii/POC_to_review (trickest)
pocgl3s7/CVE-2022-32548-PoC (trickest)
pockor34N/CVE-2022-32548-mass (trickest)
pocnomi-sec/PoC-in-GitHub (trickest)
poctrhacknon/Pocingit (trickest)
pocuicres/draytek-RCE (trickest)
pocuisvit/CVE-2022-32548-MASS-RCE (trickest)
pocwww.securityweek.com · smbs-exposed-attacks-critical-vulnerability-draytek-vigor...www.securityweek.com
pocwww.trellix.com · rce-in-dratyek-routers.htmlwww.trellix.com

▣

Scoring & Timeline

CRITICAL · CVSS v3.1 · [email protected]

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD29 Aug 2022 · 06:15 AM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H